Adobe has belatedly rushed out patches for a zero-day security flaw in its widely used Flash Player that had been exploited by a cyber-espionage group based in China for weeks, according to security services specialist FireEye.

The group, identified as APT3 by FireEye, had used the vulnerability to attack high-tech companies in aerospace and defence, construction and engineering, IT and telecoms, indicating either an intent to steal valuable intellectual property for resale or state-sponsored espionage.

“After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts, and install custom backdoors. APT3’s command and control (CnC) infrastructure is difficult to track, as there is little overlap across campaigns.”

Organisations were targeted with phishing emails – indicating the ongoing importance of both email scanning and end-user education – with targets redirected to a compromised server hosting JavaScript profiling scripts.

“Once a target host was profiled, victims downloaded a malicious Adobe Flash Player SWF file and an FLV file, detailed below. This ultimately resulted in a custom backdoor known as SHOTPUT, detected by FireEye as ‘Backdoor.APT.CookieCutter’, being delivered to the victim’s system,” FireEye warned.

Last night, Adobe finally released a patch for the critical flaw, tracked as CVE-2015-3113, and advised users to update Flash Player on Windows, Apple Mac and Linux platforms.

Craig Young, a security researcher at Tripwire, suggested that part of the problem is Adobe Flash itself, a remnant of the so-called “Web 2.0” boom of the 2000s, which was supposed to bring richer interactivity to the web than the static pages of the 1990s internet.

“Flash, along with ActiveX and Java are remnants of the 1990s ‘Web 2.0’ technology boom. The nature of these technologies allows attackers to run code directly on remote computers and revolutionised the attack surface of the internet,” said Young.

He continued: “There has been a constant barrage of vulnerabilities in all ‘Web 2.0’ technology, as well as a constant stream of ‘update’ messages to users. This has given way to a newer and very successful form of attack wherein the attacker spoofs an update message tricking users into downloading malware. These tricks can be particularly effective, as illustrated by the 2012 Flashback malware that exploited Java on roughly 600,000 Apple computers in the six weeks it took for Apple to respond with patches.”